Transactions on the frontend, through Stripe.js or checkout.js should be happening with the publishable key (pk). Whereas, anything happening in the backend (basically the code that only owner can access), would be using the private/secret key (sk).
Your secret key is the one that has the ability to charge cards, create customers, plans, subscriptions, etc. Your publishable key can only create tokens.
Transactions on the frontend, through Stripe.js or checkout.js should be happening with the publishable key (pk). Whereas, anything happening in the backend (basically the code that only owner can access), would be using the private/secret key (sk).
Your secret key is the one that has the ability to charge cards, create customers, plans, subscriptions, etc. Your publishable key can only create tokens.